P
US9003508B2ExpiredUtilityPatentIndex 46

Methods and apparatus for enabling secure network-based transactions

Assignee: OHVA INCPriority: Sep 20, 2005Filed: Oct 27, 2014Granted: Apr 7, 2015
Est. expirySep 20, 2025(expired)· nominal 20-yr term from priority
Inventors:COLNOT VINCENT CEDRICFELLERS TY
H04L 9/3213H04L 63/10H04L 63/083H04L 63/0853H04L 9/0844H04L 2209/80G06Q 20/4018H04L 2209/56H04L 9/3271G06Q 20/341
46
PatentIndex Score
1
Cited by
15
References
8
Claims

Abstract

A security process involves log-in and data exchange between a server and a user operating a computerized appliance. The process requires a user-specific token, independent verification of the server execution within a programmed time window. A hash created at the client side is reproduced at the server side from separate data and compared to the client hash. Too much time or incorrect hash denies access.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. An access security process, comprising:
 opening a connection to an interactive web site executing on a processor of an Internet-connected server by a client computerized appliance asserting a URL in a web browser; 
 displaying a log-in mechanism to the client computerized appliance by the interactive web site, enabling a user operating the client computerized appliance to enter log-in information; 
 in response to a successful log-in, sending to the client computerized device, data including a time stamp of the time of the log-in, and a page location of an applet to be run by the client computerized appliance to continue the security process; 
 through executing the applet on the client computerized device, determining the domain of the server by querying the page that includes the applet, and searching data storage devices coupled to the client computerized device for an encrypted token compatible with the security process; 
 on finding the token, rendering a virtual keypad on a display of the client computerized appliance, enabling the user to enter a PIN known to the user for decrypting the encrypted token; 
 if the PIN does not successfully decrypt the token, suspending the security process; 
 in the event the PIN successfully decrypts the token, salting the decrypted token value with the time stamp and the domain by adding the domain on one end of the token string and the time stamp on the other end, and hashing the result by a specific hash function; 
 sending the hash value of the decrypted, salted token value to the interactive web page at the server; 
 invoking a dll at the server, retrieving a token stored at the server, salting that token with the domain of the server and the original time stamp sent to the client computerized appliance, and hashing the result by the specific hash function; 
 comparing the hash value received from the client computerized appliance with the hash value generated by the dll at the server, and determining passage of time from the time of the original time stamp to present time; 
 if the passage of time is greater than a preprogrammed time, or if the hash values do not match, denying access by the user at the server; and 
 if the passage of time is within the time window and the hash values do match, granting access to the user at the server. 
 
     
     
       2. The process of  claim 1  wherein the data storage device coupled to the client's computer where the compatible token is found is a flash thumb drive. 
     
     
       3. The process of  claim 1 , wherein the token is unique to a client and includes an identification number, a password or personal identification code, a session key, and a secrete data seed. 
     
     
       4. The process of  claim 1 , wherein the token is an archive. 
     
     
       5. An access security system, comprising:
 an Internet-connected server coupled to a data repository and having a processor; and 
 software executing on the processor from a non-transitory medium, the software providing a process: 
 opening a connection to an interactive web site executing on the processor of the Internet-connected server by a client computerized appliance asserting a URL in a web browser; 
 displaying a log-in mechanism to the client computerized appliance by the interactive web site, enabling a user operating the client computerized appliance to enter log-in information; 
 in response to a successful log-in, sending to the client computerized device, data including a time stamp of the time of the log-in, and a page location of an applet to be run by the client computerized appliance to continue the security process; 
 through executing the applet on the client computerized device, determining the domain of the server by querying the page that includes the applet, and searching data storage devices coupled to the client computerized device for an encrypted token compatible with the security process; 
 on finding the token, rendering a virtual keypad on a display of the client computerized appliance, enabling the user to enter a PIN known to the user for decrypting the encrypted token; 
 if the PIN does not successfully decrypt the token, suspending the security process; 
 in the event the PIN successfully decrypts the token, salting the decrypted token value with the time stamp and the domain by adding the domain on one end of the token string and the time stamp on the other end, and hashing the result by a specific hash function; 
 sending the hash value of the decrypted, salted token value to the interactive web page at the server; 
 invoking a dll at the server, retrieving a token stored at the server, salting that token with the domain of the server and the original time stamp sent to the client computerized appliance, and hashing the result by the specific hash function; 
 comparing the hash value received from the client computerized appliance with the hash value generated by the dll at the server, and determining passage of time from the time of the original time stamp to present time; 
 if the passage of time is greater than a preprogrammed time, or if the hash values do not match, denying access by the user at the server; and 
 if the passage of time is within the time window and the hash values do match, granting access to the user at the server. 
 
     
     
       6. The system of  claim 5 , wherein the data storage device coupled to the client's computer where the compatible token is found is a flash thumb drive. 
     
     
       7. The system of  claim 5 , wherein the token is unique to a client and includes an identification number, a password or personal identification code, a session key, and a secrete data seed. 
     
     
       8. The system of  claim 5 , wherein the token is an archive.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.